http://bugs.exim.org/show_bug.cgi?id=1170

           Summary: SSL fingerprint should be made accessible
           Product: Exim
           Version: 4.77
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: wishlist
          Priority: medium
         Component: TLS
        AssignedTo: [email protected]
        ReportedBy: [email protected]
                CC: [email protected]

Currently it is not possible with Exim to tell it what a certain domain's mail server's SSL fingerprint is. Today it is only possible to trust servers by trusting one or multiple CAs that have signed their certificates.

For security reasons it would be *very* good if you could tell Exim that the mail server mail.example.com has a certain SSL fingerprint and that only *that* fingerprint is the right one for that domain. This is also important to prevent attacks from people who got spurious access to one of the trusted CAs.

Postfix has very advanced TLS support; here is the documentation of the above-mentioned fingerprint checking in Postfix:

http://www.postfix.org/TLS_README.html#client_tls_fprint

Maybe you can get some inspiration from that ...
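
The check requested above, sketched as an added example (not code from the report, Exim or Postfix): a pinned host is accepted only when the digest of the certificate it presents equals the stored fingerprint, whatever any CA says. SHA-256 as the digest, the function names and the sample bytes are assumptions made for illustration.

```python
import hashlib
import smtplib
import ssl


def fingerprint(der_cert: bytes) -> str:
    """Lowercase hex SHA-256 digest of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex; return plain lowercase hex."""
    return fp.replace(":", "").replace(" ", "").lower()


def pin_decision(host: str, der_cert: bytes, pins: dict) -> str:
    """Return 'match', 'mismatch' or 'unpinned'.

    'mismatch' means delivery must be deferred even if a trusted CA signed
    the certificate; 'unpinned' leaves the host to ordinary CA validation.
    """
    pinned = pins.get(host.lower().rstrip("."))
    if pinned is None:
        return "unpinned"
    return "match" if normalize(pinned) == fingerprint(der_cert) else "mismatch"


def peer_cert_der(host: str, port: int = 25, timeout: float = 10.0) -> bytes:
    """Fetch the certificate a server presents after STARTTLS.

    Chain validation is switched off on purpose: for a pinned host, trust
    comes from the fingerprint comparison done afterwards.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Constructed bytes stand in for DER certificates so this runs offline.
    expected, other = b"constructed-cert-A", b"constructed-cert-B"
    pins = {"mail.example.com": fingerprint(expected).upper()}
    for cert in (expected, other):
        print(pin_decision("mail.example.com", cert, pins))
```

Against a live server, pass the result of peer_cert_der(host) to pin_decision() with a fingerprint obtained out of band from the server's operator.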
